Exploitation

OWASP Xenotix XSS Exploit Framework

OWASP Xenotix XSS Exploit Framework is a Cross-Site Scripting (XSS) vulnerability detection and exploitation framework. Its scanner embeds three browser engines (Trident, WebKit and Gecko) and renders the target in each of them, which is the basis for the project's claim of zero false positives; treat that as the vendor's claim rather than a guarantee, since a payload that fires in the embedded engines still has to be checked against the browser versions the real victims use. It ships with roughly 1,500 distinct XSS payloads, described by the project as the second-largest XSS payload set in the world, for vulnerability detection and WAF bypass, and it includes an information-gathering module for target reconnaissance. The tool supports both a manual mode and an automated, time-sharing test mode. The exploitation side includes an XSS encoder, a victim-side XSS keystroke logger, an executable drive-by downloader and an XSS reverse shell: offensive modules intended for penetration testing and proof-of-concept creation.

htexploit

HTExploit (HiperText access Exploit) is an open-source tool written in Python that exploits a weakness in the way .htaccess files can be configured to protect a web directory with an authentication process: when the Require directive is placed inside a <Limit GET POST> block, only the listed HTTP methods are subject to authentication, and a request made with any other method skips the check entirely (whether content is then returned depends on the handler, but PHP-backed pages commonly serve it). Using this tool, anyone can list the contents of a directory protected this way, bypassing the authentication process.
The tool is modular: once inside the protected area, the tester can run further analyses against it, including SQL injection, local file inclusion, remote file inclusion and others.
Its main characteristic is that all of these analyses are performed inside the protected directory rather than against the publicly accessible part of the site.

Features:
x Multiple modules to execute.
x Save the output to a specified directory.
x HTML reporting.
x Use multiple wordlists to probe for .htaccess bypasses.
x Verbose mode for full, detailed information.
x Recursive crawling engine.

$ python htexploit

[HTExploit ASCII-art banner] v0.77

Usage: htexploit -u [URL] [options]

Options:
  -h, --help                        show this help message and exit
  -u URL, --url=URL                 **REQUIRED** - Specify the URL to scan
  -o OUTPUT, --output=OUTPUT        Specify the output directory (Default: Random)
  -w WORDLIST, --wordlist=WORDLIST  Specify the wordlist to use (Default: 'res/FullList')
  -v, --verbose                     Verbosity level (Default: 0)

Example Usage:
python htexploit -u somesite.com -w somewordlist_not_included -o folder_to_output
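The misconfiguration HTExploit abuses, and the verb-tampering probe that finds it, as an added Python example (illustration code written for this page, not HTExploit's own source). The two .htaccess snippets, the target URL and the made-up HTEXPLOIT method are constructed; fake_server is an offline stand-in for Apache that models only the <Limit> scoping of Require and assumes the handler serves the resource once the authentication check is skipped. http_send is the equivalent real transport for a host you are authorised to test.

```python
import re
import urllib.error
import urllib.request

# Constructed .htaccess snippets for illustration (not taken from any real site).
# WEAK: Require is scoped by <Limit>, so only GET and POST (plus HEAD, which
# Apache treats as GET here) are authenticated; any other method skips the check.
WEAK_HTACCESS = """
AuthType Basic
AuthName "Restricted"
AuthUserFile /var/www/.htpasswd
<Limit GET POST>
    Require valid-user
</Limit>
"""

# FIXED: an unconditional Require applies to every method.
FIXED_HTACCESS = """
AuthType Basic
AuthName "Restricted"
AuthUserFile /var/www/.htpasswd
Require valid-user
"""

_LIMIT_RE = re.compile(r"<Limit\s+([^>]+)>(.*?)</Limit>", re.I | re.S)
_REQUIRE_RE = re.compile(r"^\s*Require\b", re.I | re.M)

# Methods an HTExploit-style probe tries; the last one is invented on purpose,
# since Apache only needs the method to be absent from the <Limit> list.
PROBE_METHODS = ["GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS", "HTEXPLOIT"]


def protected_methods(htaccess):
    """Methods that a Require directive actually covers.

    Returns None when Require is unconditional (covers every method), or the
    set of methods named by the <Limit> blocks that contain a Require.
    """
    limited = set()
    for block in _LIMIT_RE.finditer(htaccess):
        if _REQUIRE_RE.search(block.group(2)):
            limited |= {m.upper() for m in block.group(1).split()}
    if _REQUIRE_RE.search(_LIMIT_RE.sub("", htaccess)):
        return None
    return limited


def unprotected_methods(htaccess, probes=PROBE_METHODS):
    """Probe methods that would reach the directory without authentication."""
    limited = protected_methods(htaccess)
    if limited is None:
        return []
    if "GET" in limited:
        limited = limited | {"HEAD"}   # Apache maps HEAD onto GET for <Limit>
    return [m for m in probes if m not in limited]


def verb_tamper_probe(url, send, probes=PROBE_METHODS):
    """Send each method to url; report those answered with content and no 401/403.

    send(method, url) -> (status, body), so the transport can be swapped.
    """
    hits = []
    for method in probes:
        status, body = send(method, url)
        if status not in (401, 403) and body:
            hits.append((method, status))
    return hits


def http_send(method, url, timeout=5):
    """Real transport using only the standard library (performs network I/O)."""
    req = urllib.request.Request(url, method=method)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def fake_server(htaccess):
    """Offline stand-in for an Apache directory guarded by `htaccess`.

    Assumption: it models only the <Limit> scoping of Require and serves the
    resource for any method once the authentication check is skipped.
    """
    limited = protected_methods(htaccess)

    def send(method, url):
        effective = "GET" if method == "HEAD" else method
        if limited is None or effective in limited:
            return 401, b""
        return 200, b"<html>Index of /protected</html>"
    return send


if __name__ == "__main__":
    target = "http://example.test/protected/"   # constructed URL
    for label, conf in (("weak", WEAK_HTACCESS), ("fixed", FIXED_HTACCESS)):
        print(label, verb_tamper_probe(target, fake_server(conf)))
```

The fix is the one the FIXED snippet shows: keep Require outside any <Limit> block (or use <LimitExcept> only when you really mean to exempt methods), so that the check applies regardless of the verb the client chooses.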

PowerSploit

PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid reverse engineers, forensic analysts, and penetration testers during all phases of an assessment. It consists of the following modules and scripts:

CodeExecution
Execute code on a target machine.

Invoke-DllInjection
Injects a Dll into the process ID of your choosing.

Invoke-ReflectivePEInjection
Reflectively loads a Windows PE file (DLL/EXE) into the PowerShell process, or reflectively injects a DLL into a remote process.

Invoke-Shellcode
Injects shellcode into the process ID of your choosing or within PowerShell locally.

Invoke-ShellcodeMSIL
Execute shellcode within the context of the running PowerShell process without making any Win32 function calls.

Watch-BlueScreen
Cause a blue screen to occur (Windows 7 and below).

ScriptModification
Modify and/or prepare scripts for execution on a compromised machine.

Out-EncodedCommand
Compresses, Base-64 encodes, and generates command-line output for a PowerShell payload script.

Out-CompressedDll
Compresses, Base-64 encodes, and outputs generated code to load a managed dll in memory.

Out-EncryptedScript
Encrypts text files/scripts.

Remove-Comments
Strips comments and extra whitespace from a script.
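What the Out-EncodedCommand layering looks like from both sides, as an added Python example (written for this page; it is not PowerSploit's code and does not reproduce the cmdlet's exact output). It builds the Base64-of-UTF-16LE argument that powershell.exe -EncodedCommand expects, wraps a deflate-compressed script in a decompress-and-IEX loader whose shape is an assumption, and then does the responder's job: pulling the -enc argument out of a constructed process-creation log line and peeling both layers. The payload and log line are constructed samples.

```python
import base64
import re
import zlib

# Constructed sample payload (not from any real incident).
PAYLOAD = "Get-Process | Where-Object { $_.Name -eq 'lsass' } | Select-Object Id"


def encode_command(script):
    """Build the argument PowerShell's -EncodedCommand expects: Base64 of UTF-16LE."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_command(b64):
    """Inverse of encode_command (what a responder does with a logged -enc value)."""
    return base64.b64decode(b64).decode("utf-16-le")


def compress_payload(script):
    """Deflate + Base64, the compress-then-encode layering Out-EncodedCommand uses.
    Assumption: raw deflate; the real cmdlet's stream format may differ."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    data = comp.compress(script.encode("utf-8")) + comp.flush()
    return base64.b64encode(data).decode("ascii")


def decompress_payload(b64):
    """Accept raw deflate, zlib or gzip so the decoder tolerates other generators."""
    data = base64.b64decode(b64)
    for wbits in (-15, 15, 31):
        try:
            return zlib.decompress(data, wbits).decode("utf-8")
        except zlib.error:
            continue
    raise ValueError("not a deflate, zlib or gzip stream")


def build_loader(script):
    """One-line PowerShell stub that inflates and IEXes the compressed script.
    The stub's shape is an assumption, not Out-EncodedCommand's literal output."""
    inner = compress_payload(script)
    return ("$s=New-Object IO.MemoryStream(,[Convert]::FromBase64String('" + inner + "'));"
            "IEX (New-Object IO.StreamReader(New-Object IO.Compression.DeflateStream("
            "$s,[IO.Compression.CompressionMode]::Decompress))).ReadToEnd()")


# -EncodedCommand may be abbreviated to any unambiguous prefix (-e, -ec, -enc, ...);
# the pattern deliberately does not match -ExecutionPolicy or -ep.
_ENC_RE = re.compile(r"(?i)\s-e(?:c|n[a-z]*)?\s+([A-Za-z0-9+/=]{8,})")
_INNER_RE = re.compile(r"FromBase64String\(['\"]([A-Za-z0-9+/=]+)['\"]\)")


def decode_log_line(line):
    """For each -EncodedCommand argument in a command line, return
    (outer_script, inner_script_or_None), peeling a compressed inner payload
    when the outer script is a FromBase64String loader."""
    found = []
    for match in _ENC_RE.finditer(line):
        try:
            outer = decode_command(match.group(1))
        except (ValueError, UnicodeDecodeError):
            continue
        inner = None
        inner_match = _INNER_RE.search(outer)
        if inner_match:
            try:
                inner = decompress_payload(inner_match.group(1))
            except (ValueError, UnicodeDecodeError):
                inner = None
        found.append((outer, inner))
    return found


# Constructed process-creation log line carrying a loader built above.
SAMPLE_LOG = (
    'EventID=1 Image="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" '
    'CommandLine="powershell.exe -NoP -W Hidden -enc '
    + encode_command(build_loader(PAYLOAD)) + '"'
)

if __name__ == "__main__":
    for outer, inner in decode_log_line(SAMPLE_LOG):
        print("outer:", outer[:60], "...")
        print("inner:", inner)
```

A detection that only looks for the literal string "-EncodedCommand" misses the abbreviated forms, which is why the regex accepts every prefix PowerShell does; decoding both layers is what turns an opaque blob in the log into something an analyst can actually read.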

Persistence
Add persistence capabilities to a PowerShell script

New-UserPersistenceOptions
Configure user-level persistence options for the Add-Persistence function.

New-ElevatedPersistenceOptions
Configure elevated persistence options for the Add-Persistence function.

Add-Persistence
Add persistence capabilities to a script.

PETools
Parse/manipulate Windows portable executables.

Get-PEHeader
An in-memory and on-disk PE parsing utility.

Get-ObjDump
Displays information about one or more Windows object files.

Get-LibSymbols
Displays symbolic information from Windows lib files.

Get-DllLoadPath

Auto_Exploit.rb

Auto_Exploit is a Metasploit plugin written by Dark Operator (Carlos Perez) to replace the removed db_autopwn module.

Fasttrack

Fast-Track is a Python-based tool that automates several different types of attacks, including Metasploit's autopwn and SQL injection.

Sslsniff

sslsniff was originally written to demonstrate and exploit Internet Explorer's vulnerability to a specific basicConstraints man-in-the-middle attack: IE did not check the basicConstraints extension when validating a chain, so any ordinary leaf certificate could be used to sign a certificate for an arbitrary domain and the result still validated. Microsoft has since fixed the bug that let leaf certificates act as signing certificates, but the tool is still occasionally useful for other purposes.

It is designed to MITM all SSL connections on a LAN, dynamically generating certificates on the fly for the domains being accessed. The new certificates are built into a chain signed by whatever certificate you supply, so a properly validating client only accepts them if it already trusts that signer.

SipSak

sipsak (SIP Swiss Army Knife) is a command-line utility for testing and attacking SIP applications and devices such as VoIP routers and proxies.

Dominator

DOMinator is a Firefox-based tool for the analysis and identification of DOM-based Cross-Site Scripting (DOM XSS) issues. It was the first runtime tool to help security testers identify DOM XSS, doing so by tracking tainted data from sources to sinks while the page executes in the browser.

DOMinator is available in two editions, Free and Professional. Free is open to the community; Pro adds better support, a more intuitive GUI, and a more extensive rule base and knowledge base.

Phantom JS

PhantomJS is a headless WebKit browser with a JavaScript API. It has fast, native support for various web standards: DOM handling, CSS selectors, JSON, Canvas and SVG. It is not a proxy: a script drives it to load pages, run their JavaScript and inspect or modify the resulting DOM, which is what makes it useful for automating browser-side checks.

SSLsplit

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit, which terminates the SSL/TLS session, opens a new SSL/TLS connection to the original destination address, and logs all data passing through. SSLsplit is intended to be useful for network forensics and penetration testing.

SSLsplit supports plain TCP, plain SSL, HTTP and HTTPS connections over both IPv4 and IPv6. For SSL and HTTPS connections, SSLsplit generates and signs forged X509v3 certificates on the fly, based on the original server certificate's subject DN and subjectAltName extension. SSLsplit fully supports Server Name Indication (SNI) and is able to work with RSA, DSA and ECDSA keys and DHE and ECDHE cipher suites. SSLsplit can also use existing certificates for which the private key is available, instead of generating forged ones. SSLsplit supports NULL-prefix CN certificates and can deny OCSP requests in a generic way. SSLsplit removes HPKP response headers so that clients never learn public key pins from intercepted responses; a pin the browser already cached before interception still causes a failure. Forged certificates are only accepted by clients that trust the signing CA (or do not validate certificates at all), so the CA certificate must be installed on the victim or the client must be misconfigured.

Usage
% sslsplit -h
Usage: sslsplit [options...] [proxyspecs...]
  -c pemfile  use CA cert (and key) from pemfile to sign forged certs
  -k pemfile  use CA key (and cert) from pemfile to sign forged certs
  -C pemfile  use CA chain from pemfile (intermediate and root CA certs)
  -K pemfile  use key from pemfile for leaf certs (default: generate)
  -t certdir  use cert+chain+key PEM files from certdir to target all sites
              matching the common names (non-matching: generate if CA)
  -O          deny all OCSP requests on all proxyspecs
  -P          passthrough SSL connections if they cannot be split because of
              client cert auth or no matching cert and no CA (default: drop)
  -g pemfile  use DH group params from pemfile (default: keyfiles or auto)
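How SSLsplit can know which certificate to present before it has decrypted anything: the client sends the hostname in the clear in the server_name (SNI) extension of its ClientHello. The following is an added Python example written for this page, not SSLsplit's code. It builds a constructed TLS 1.2 ClientHello, extracts the SNI from it the way an interceptor must (skipping the fields and extensions it does not care about, and refusing truncated input), and applies a simplified version of the decision rule the -t certdir option describes: reuse an existing certificate whose common name matches, otherwise forge one. pick_certificate and its wildcard matching are my simplification; the real tool also consults subjectAltName and the upstream server's certificate.

```python
import struct

SNI_EXTENSION = 0x0000


def build_client_hello(server_name):
    """Constructed TLS 1.2 ClientHello record with a server_name extension.
    Cipher suites, random bytes and the extra supported_groups extension are
    filler so the parser has to skip things it does not care about."""
    host = server_name.encode("idna")
    entry = b"\x00" + struct.pack("!H", len(host)) + host          # host_name type
    name_list = struct.pack("!H", len(entry)) + entry
    ext_sni = struct.pack("!HH", SNI_EXTENSION, len(name_list)) + name_list
    groups = struct.pack("!HHH", 4, 0x001D, 0x0017)                 # x25519, P-256
    ext_groups = struct.pack("!HH", 0x000A, len(groups)) + groups
    extensions = ext_groups + ext_sni                               # SNI is not first
    body = (b"\x03\x03" + b"\x11" * 32                   # client_version, random
            + b"\x00"                                     # session_id length 0
            + struct.pack("!H", 4) + b"\xc0\x2f\x00\x9c"  # two cipher suites
            + b"\x01\x00"                                 # compression: null only
            + struct.pack("!H", len(extensions)) + extensions)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body       # ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record):
    """Return the host_name from a ClientHello record, or None if there is none
    (not TLS, not a ClientHello, truncated, or no SNI extension)."""
    try:
        if record[0] != 0x16:
            return None
        rec_len = struct.unpack("!H", record[3:5])[0]
        hs = record[5:5 + rec_len]
        if hs[0] != 0x01:
            return None
        hs_len = int.from_bytes(hs[1:4], "big")
        body = hs[4:4 + hs_len]
        if len(body) < hs_len:
            return None                                   # need more bytes
        p = 2 + 32                                        # version + random
        p += 1 + body[p]                                  # session_id
        p += 2 + struct.unpack("!H", body[p:p + 2])[0]    # cipher_suites
        p += 1 + body[p]                                  # compression_methods
        if p + 2 > len(body):
            return None                                   # no extensions block
        ext_len = struct.unpack("!H", body[p:p + 2])[0]
        p += 2
        end = min(p + ext_len, len(body))
        while p + 4 <= end:
            etype, elen = struct.unpack("!HH", body[p:p + 4])
            p += 4
            data = body[p:p + elen]
            p += elen
            if etype != SNI_EXTENSION:
                continue
            q = 2                                         # skip list length
            while q + 3 <= len(data):
                name_type = data[q]
                name_len = struct.unpack("!H", data[q + 1:q + 3])[0]
                q += 3
                if name_type == 0 and q + name_len <= len(data):
                    return data[q:q + name_len].decode("idna")
                q += name_len
        return None
    except (IndexError, struct.error, UnicodeError):
        return None


def pick_certificate(server_name, known_cns):
    """Decision rule in the spirit of sslsplit -t: reuse a cert whose common
    name matches the SNI (exact or single-label wildcard), else forge one.
    Simplified: the real tool also considers subjectAltName."""
    if server_name is None:
        return ("forge", None)          # no SNI: the name must come from the
                                        # upstream server's certificate instead
    for cn in known_cns:
        if cn == server_name:
            return ("existing", cn)
        if (cn.startswith("*.") and server_name.endswith(cn[1:])
                and server_name.count(".") == cn.count(".")):
            return ("existing", cn)
    return ("forge", server_name)


if __name__ == "__main__":
    hello = build_client_hello("www.example.com")          # constructed input
    name = extract_sni(hello)
    print(name, pick_certificate(name, ["*.example.com", "mail.example.net"]))
```

The same parser is what a passive sensor uses to log TLS destinations, which is why the truncation check matters: a ClientHello can legitimately span more than one TCP segment, and a parser that raises on a short read instead of asking for more bytes is an easy way to lose the very connections an attacker cares about.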
